1. Field of the Invention
This invention relates to computer systems and, more particularly, to secure backup and restore techniques used in computer systems.
2. Description of the Related Art
Security of information technology (IT) assets is an ever-growing concern in today's enterprises. As more and more of enterprise computing resources are linked directly and/or indirectly to external networks such as the Internet, the likelihood of various types of network intrusions and infections by malicious software such as viruses, Trojan horses, worms, etc. is only expected to increase. Although a number of different techniques to enhance the security of enterprise computing environments have been implemented over the years, such as various types of hardware and software firewalls, virus detection tools, and the like, malicious-software attacks continue to succeed at least temporarily from time to time, often resulting in large productivity losses and/or data loss. For example, even though virus detection tools are frequently updated to recognize the latest viruses that have been identified, new, as-yet-undetected viruses are just as quickly being transmitted around the Internet by unsuspecting e-mail users, file sharers and other users. By the time a solution for a particular virus is developed and widely deployed, it is often the case that the virus has already infected hundreds or even thousands of systems around the world.
In some scenarios, for example where the computer systems at a particular enterprise are regularly backed up, an infected version of a particular file or other data object may be inadvertently backed up. At the time the backup version of the file is created, for example during a daily scheduled backup, the existence of the virus may not have been detected. The fact that the file is infected may not be detected even if a full virus scan of the data set being backed up is performed, since the virus detection tool used may not have been updated to recognize the virus.
For reasons such as those described above, it is often possible that by the time a live or online version of a particular file is found to be infected by malicious software, an infected backup version of the file may already have been created. The live version of the file may be quarantined and/or deleted when it is found to be infected, which may require a restoration of the file from a backup version. However, if the restore operation happens to use an infected backup version, the malicious-software infection may be reintroduced into the live data of the IT environment.